[Bf-committers] Please turn off Auto Run Python Scripts by default

Shrinidhi Rao shrinidhi666 at gmail.com
Wed Jun 5 05:13:05 CEST 2013 

isnt using a computer itself a risk ?! . why not just disable the net and
other out worldly connections to the comp . ?  y do we want to use a hard
disk? ..isnt it possible that some app will always overwrite our data? we
might even format it by mistake!!!! .

 i would prefer usability rather than some closed and difficult to
implement software thats marketed  as  psychologically "secure" like
windows OS! . people who are concerned about security using any software
shouldn't use computers itself ! .. its simple . I wouldnt want people in a
studio to always click a few extra buttons and forget sometimes and cause
havoc on scenes while rendering , and spend a day trying to find out the
problem!

* pop ups are "not" an option during command line batching operations .
Since there is an CLI option to enable and disable a script . it makes
sense to disable it by default and people using it in studios can target
blender to start with the "autorun enabled" option . provided the change is
propagated to all blender users in some way so they remember the change :)
 . why complicate it with GUI popups? :( .

and the only software that is safe is the one that does "nothing" .
"security" is a user side issue . users should be informed and educated.
any user who is dumb enough to turn a blind eye towards it and gets into
trouble deserves it  . because a software cannot provide security to all
users . if it does that .. it does nothing! .


On Wed, Jun 5, 2013 at 4:28 AM, Yu Asakusa <yu.asakusa at gmail.com> wrote:

> Thank you for the list of potential risks.  I cannot judge how
> difficult it is to solve all of them and make it safe for a user to
> open an untrusted blend file, but it seems it is much harder than I
> expected.
>
> If it is too hard, do you think it is easier to better communicate to
> users that opening an untrusted blend file in Blender is a dangerous
> operation?
>
> As the community of Blender grows, it seems that more and more people
> are downloading blend files made by someone they do not know, and this
> trend is likely to continue.  Many users reasonably expect that “just”
> opening a blend file is a safe operation, unlike opening an executable
> file.  The security problem here is the mismatch between user’s
> expectation and the actual behavior rather than the behavior itself.
> I hoped the actual behavior could be changed to match user’s
> expectation, but now I am less hopeful (although from Campbell
> Barton’s reply it seems all hope is not lost).  Then changing user’s
> expectation to match the reality might be an easier way to resolve
> this mismatch.  If users know they should handle downloaded blend
> files just like downloaded executable files, this will no longer be a
> vulnerability.
>
> On Tue, Jun 4, 2013 at 3:38 PM, Brecht Van Lommel
> <brechtvanlommel at pandora.be> wrote:
> > On Tue, Jun 4, 2013 at 7:58 PM, David Jeske <davidj at gmail.com> wrote:
> >> The decision at the time was that no, we do not. Also note that even
> >>> disabling scripts does not make Blender secure, there's dozens of
> >>> other ways to create malicious .blend files.
> >>>
> >>
> >> What are the other "dozen" ways blender could
> >> read/destroy/send-files-to-the-internet/install-viruses with python
> scripts
> >> disabled?
> >
> > Some examples:
> >
> > * Animation rendering, compositor file output node, point caches, etc
> > all write to disk. When set to certain paths they can overwrite
> > important files.
> > * Blend files can contain user preferences and those will be loaded
> > automatically.
> > * Keyboard shortcuts can be bound to arbitrary operators which can be
> > used to do pretty much anything.
> > * We don't generally keep up with the latest security fixes for jpg,
> > png, .. libraries.
> > * Auto Start for games.
> > * Specially crafted screen setup so user executes code in the python
> > console editor without noticing.
> > * Buffer overflows are easy to achieve with the current .blend file
> > reading code.
> >
> > Scripts of course make it easier, but even without that it's still
> > fairly easy to do damage.
> >
> > Brecht.
> > _______________________________________________
> > Bf-committers mailing list
> > Bf-committers at blender.org
> > http://lists.blender.org/mailman/listinfo/bf-committers
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
>



-- 

regards
- shrinidhi


Even god fails to understand a human until his death!
http://www.linkedin.com/in/shrinidhi666
https://github.com/shrinidhi666



<http://www.imdb.com/name/nm3025616>

More information about the Bf-committers mailing list